Search
Total
1182 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2675 | 1 Nedprod | 1 Nedmalloc | 2012-07-30 | 4.3 MEDIUM | N/A |
| Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | |||||
| CVE-2007-6754 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2012-07-26 | 5.0 MEDIUM | N/A |
| The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors. | |||||
| CVE-2006-7252 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2012-07-26 | 5.0 MEDIUM | N/A |
| Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. | |||||
| CVE-2011-3464 | 1 Libpng | 1 Libpng | 2012-07-23 | 7.5 HIGH | N/A |
| Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. | |||||
| CVE-2011-5000 | 1 Openbsd | 1 Openssh | 2012-07-22 | 3.5 LOW | N/A |
| The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. | |||||
| CVE-2012-1163 | 1 Nih | 1 Libzip | 2012-07-16 | 6.8 MEDIUM | N/A |
| Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak. | |||||
| CVE-2012-3368 | 1 Redhat | 1 Dtach | 2012-07-04 | 2.6 LOW | N/A |
| Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach. | |||||
| CVE-2011-2496 | 1 Linux | 1 Linux Kernel | 2012-06-28 | 4.9 MEDIUM | N/A |
| Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping. | |||||
| CVE-2011-1759 | 1 Linux | 1 Linux Kernel | 2012-06-14 | 6.2 MEDIUM | N/A |
| Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition. | |||||
| CVE-2011-2209 | 1 Linux | 1 Linux Kernel | 2012-06-13 | 2.1 LOW | N/A |
| Integer signedness error in the osf_sysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. | |||||
| CVE-2011-2208 | 1 Linux | 1 Linux Kernel | 2012-06-13 | 2.1 LOW | N/A |
| Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. | |||||
| CVE-2012-0659 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 6.8 MEDIUM | N/A |
| Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | |||||
| CVE-2012-0662 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-30 | 7.5 HIGH | N/A |
| Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. | |||||
| CVE-2012-2428 | 1 Xarrow | 1 Xarrow | 2012-05-28 | 10.0 HIGH | N/A |
| Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation. | |||||
| CVE-2012-2429 | 1 Xarrow | 1 Xarrow | 2012-05-28 | 10.0 HIGH | N/A |
| The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-3362 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2012-05-18 | 6.8 MEDIUM | N/A |
| Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file. | |||||
| CVE-2011-3459 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-05-18 | 6.8 MEDIUM | N/A |
| Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow. | |||||
| CVE-2011-2662 | 1 Novell | 1 Groupwise | 2012-05-14 | 10.0 HIGH | N/A |
| Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message. | |||||
| CVE-2012-0684 | 1 Xnview | 1 Xnview | 2012-05-10 | 9.3 HIGH | N/A |
| Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685. | |||||
| CVE-2012-0685 | 1 Xnview | 1 Xnview | 2012-05-10 | 9.3 HIGH | N/A |
| Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684. | |||||
| CVE-2011-4043 | 1 Arcinfo | 3 Frontvue, Pcvue, Plantvue | 2012-04-03 | 9.3 HIGH | N/A |
| Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow. | |||||
| CVE-2011-1417 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2012-03-30 | 6.8 MEDIUM | N/A |
| Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. | |||||
| CVE-2009-1265 | 1 Linux | 1 Linux Kernel | 2012-03-23 | 5.0 MEDIUM | N/A |
| Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent. | |||||
| CVE-2009-2909 | 1 Linux | 1 Linux Kernel | 2012-03-19 | 4.9 MEDIUM | N/A |
| Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation. | |||||
| CVE-2011-3627 | 1 Clamav | 1 Clamav | 2012-03-12 | 4.3 MEDIUM | N/A |
| The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. | |||||
| CVE-2011-4259 | 1 Realnetworks | 1 Realplayer | 2012-03-08 | 9.3 HIGH | N/A |
| Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file. | |||||
| CVE-2011-0200 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-02-04 | 6.8 MEDIUM | N/A |
| Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow. | |||||
| CVE-2012-0915 | 1 Renren | 1 Renren Talk | 2012-01-25 | 9.3 HIGH | N/A |
| Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image. | |||||
| CVE-2012-0268 | 1 Yahoo | 1 Messenger | 2012-01-23 | 5.1 MEDIUM | N/A |
| Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. | |||||
| CVE-2011-3341 | 1 Openttd | 1 Openttd | 2012-01-19 | 7.5 HIGH | N/A |
| Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command. | |||||
| CVE-2010-2643 | 1 Redhat | 1 Evince | 2012-01-19 | 7.6 HIGH | N/A |
| Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | |||||
| CVE-2011-1710 | 1 Novell | 1 Xtier Framework | 2012-01-02 | 7.5 HIGH | N/A |
| Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables. | |||||
| CVE-2011-1781 | 1 Systemtap | 1 Systemtap | 2011-10-27 | 1.2 LOW | N/A |
| SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing). | |||||
| CVE-2011-1769 | 1 Systemtap | 1 Systemtap | 2011-10-27 | 1.2 LOW | N/A |
| SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. | |||||
| CVE-2011-0226 | 2 Apple, Freetype | 2 Iphone Os, Freetype | 2011-10-26 | 9.3 HIGH | N/A |
| Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. | |||||
| CVE-2009-4639 | 1 Ffmpeg | 1 Ffmpeg | 2011-10-26 | 4.3 MEDIUM | N/A |
| The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. | |||||
| CVE-2009-4632 | 1 Ffmpeg | 1 Ffmpeg | 2011-10-26 | 5.8 MEDIUM | N/A |
| oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. | |||||
| CVE-2009-4634 | 1 Ffmpeg | 1 Ffmpeg | 2011-10-26 | 10.0 HIGH | N/A |
| Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. | |||||
| CVE-2009-4640 | 1 Ffmpeg | 1 Ffmpeg | 2011-10-26 | 4.3 MEDIUM | N/A |
| Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. | |||||
| CVE-2009-4633 | 1 Ffmpeg | 1 Ffmpeg | 2011-10-26 | 10.0 HIGH | N/A |
| vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. | |||||
| CVE-2011-2123 | 1 Adobe | 1 Shockwave Player | 2011-10-11 | 9.3 HIGH | N/A |
| Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which triggers a heap-based buffer overflow. | |||||
| CVE-2006-5679 | 1 Freebsd | 1 Freebsd | 2011-10-11 | 4.6 MEDIUM | N/A |
| Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. | |||||
| CVE-2011-2109 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 9.3 HIGH | N/A |
| Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2121 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2120 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 9.3 HIGH | N/A |
| Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-1564 | 1 Realflex | 1 Realwin | 2011-09-22 | 10.0 HIGH | N/A |
| Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow. | |||||
| CVE-2011-3501 | 1 Cogentdatahub | 1 Cogent Datahub | 2011-09-21 | 5.0 MEDIUM | N/A |
| Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value. | |||||
| CVE-2011-2489 | 1 Nrl | 1 Opie | 2011-09-07 | 7.2 HIGH | N/A |
| Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line. | |||||
| CVE-2011-1843 | 1 Banu | 1 Tinyproxy | 2011-09-07 | 6.8 MEDIUM | N/A |
| Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers. | |||||
| CVE-2011-1137 | 1 Proftpd | 1 Proftpd | 2011-09-07 | 5.0 MEDIUM | N/A |
| Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message. | |||||